On 02/26/2011 10:06 PM, Brady Young wrote:
>
> In any case, I understand the next step is to get the ssh-ified version
> of the key, adding it to ~/.ssh/authorized_keys on the remote host:
>
> $ gpgkey2ssh 3B70AC3E > file_to_upload
>
> (file_to_upload is scp'd over to remote host in correct location..)
> (I should also note gpgkey2ssh is in dire need of documentation and
> proper error handling.)
>

"ssh-add -L" does this a little better. But yes, the more obscure features in gpg get, the more obscure the documentation is. ;-)

> sshing into my host at this point, ssh fails to recognize I have a key
> at all (although does attempt to send the empty ~/.ssh/id_dsa and id_rsa),
> and falls back to a password login.
>
> My GnuPG card has been working fine with signing and encryption subkeys,
> so I'm not suspecting a card communication error here..
>

You can check to see if gpg-agent knows about the key by checking the contents of ~/.gnupg/private-keys-v1.d/. If there's nothing there, the key didn't make it into gpg-agent:

grant@johnyaya:~$ ls /home/grant/.gnupg/private-keys-v1.d/
E7B0B073ECB5F3F3CCD4405BA1A2FB22271800A5.key

Another thing that might help... If gpg-agent is working properly, it'll also import your old keys like ~/.ssh/id_rsa, asking you for an old password, and then asking for a new password to save, and generating a file under ~/.gnupg/private-keys-v1.d/.

So you could try creating normal ssh keys, adding those to your authorized keys file normally, ssh'ing normally, without gpg-agent. If all that works, enable gpg-agent again and see if pinentry takes over when you ssh to the box, and tries to import ~/.ssh/id_rsa. That will at least let you know if it's gpg-agent or the card that's giving you problems.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
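The two checks suggested in the reply above (the contents of private-keys-v1.d and the output of "ssh-add -L"), combined into one triage script. This is an added example, not part of the original messages or of GnuPG; the function names and verdict strings are hypothetical, and the sample inputs used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: triage for "ssh does not see my gpg-agent key".
# Function names and verdict strings are hypothetical.

# Count the *.key files gpg-agent keeps under <gnupg home>/private-keys-v1.d.
agent_key_count() {
    dir="$1/private-keys-v1.d"
    n=0
    if [ -d "$dir" ]; then
        for f in "$dir"/*.key; do
            # An unmatched glob stays literal, so test that the file exists.
            if [ -f "$f" ]; then n=$((n + 1)); fi
        done
    fi
    echo "$n"
}

# Count public-key lines in `ssh-add -L` output read from stdin.
# An agent without identities prints a message instead of key lines.
offered_key_count() {
    grep -c -E '^(ssh-|ecdsa-)' || true
}

# $1 = gnupg home directory, stdin = output of `ssh-add -L`.
triage() {
    offered=$(offered_key_count)
    stored=$(agent_key_count "$1")
    if [ "$offered" -gt 0 ]; then
        # The agent hands ssh a key: compare it with authorized_keys remotely.
        echo "agent-offers-key"
    elif [ "$stored" -gt 0 ]; then
        # A key file exists, but ssh-add lists no identity from the agent.
        echo "stored-not-offered"
    else
        # Nothing under private-keys-v1.d: the key never reached gpg-agent.
        echo "no-key-in-agent"
    fi
}

# Run against the live agent only when asked to, e.g. `sh triage.sh --run`.
if [ "${1:-}" = "--run" ]; then
    ssh-add -L 2>/dev/null | triage "${GNUPGHOME:-$HOME/.gnupg}"
fi
```

A "no-key-in-agent" or "stored-not-offered" result is the point at which to fall back to the isolation test with ordinary ssh keys described in the reply.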